diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | python-cors.spec | 166 | ||||
| -rw-r--r-- | sources | 1 |
3 files changed, 168 insertions, 0 deletions
@@ -0,0 +1 @@ +/cors-1.0.1.tar.gz diff --git a/python-cors.spec b/python-cors.spec new file mode 100644 index 0000000..2775744 --- /dev/null +++ b/python-cors.spec @@ -0,0 +1,166 @@ +%global _empty_manifest_terminate_build 0 +Name: python-cors +Version: 1.0.1 +Release: 1 +Summary: Fast CORS misconfiguration vulnerabilities scanner +License: MIT +URL: http://github.com/chenjj/CORScanner +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/ef/74/a7913a710ef4ecce19dd091168dd0e21d7705587d3f2d4eac0e502bb3a75/cors-1.0.1.tar.gz +BuildArch: noarch + +Requires: python3-colorama +Requires: python3-requests +Requires: python3-argparse +Requires: python3-gevent +Requires: python3-tldextract +Requires: python3-future +Requires: python3-PySocks + +%description +-u | --url | URL/domain to check it's CORS policy +-d | --headers | Add headers to the request +-i | --input | URL/domain list file to check their CORS policy +-t | --threads | Number of threads to use for CORS scan +-o | --output | Save the results to json file +-v | --verbose | Enable the verbose mode and display results in realtime +-T | --timeout | Set requests timeout (default 10 sec) +-p | --proxy | Enable proxy (http or socks5) +-h | --help | show the help message and exit +### Examples +* To check CORS misconfigurations of specific domain: +``python cors_scan.py -u example.com`` +* To enable more debug info, use -v: +``python cors_scan.py -u example.com -v`` +* To save scan results to a JSON file, use -o: +``python cors_scan.py -u example.com -o output_filename`` +* To check CORS misconfigurations of specific URL: +``python cors_scan.py -u http://example.com/restapi`` +* To check CORS misconfiguration with specific headers: +``python cors_scan.py -u example.com -d "Cookie: test"`` +* To check CORS misconfigurations of multiple domains/URLs: +``python cors_scan.py -i top_100_domains.txt -t 100`` +* To enable proxy for CORScanner, use -p +```python cors_scan.py -u example.com -p http://127.0.0.1:8080``` +To use socks5 proxy, install PySocks with `pip install PySocks` +```python cors_scan.py -u example.com -p socks5://127.0.0.1:8080``` +* To list all the basic options and switches use -h switch: +```python cors_scan.py -h``` +## Misconfiguration types +This tool covers the following misconfiguration types: + +%package -n python3-cors +Summary: Fast CORS misconfiguration vulnerabilities scanner +Provides: python-cors +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-cors +-u | --url | URL/domain to check it's CORS policy +-d | --headers | Add headers to the request +-i | --input | URL/domain list file to check their CORS policy +-t | --threads | Number of threads to use for CORS scan +-o | --output | Save the results to json file +-v | --verbose | Enable the verbose mode and display results in realtime +-T | --timeout | Set requests timeout (default 10 sec) +-p | --proxy | Enable proxy (http or socks5) +-h | --help | show the help message and exit +### Examples +* To check CORS misconfigurations of specific domain: +``python cors_scan.py -u example.com`` +* To enable more debug info, use -v: +``python cors_scan.py -u example.com -v`` +* To save scan results to a JSON file, use -o: +``python cors_scan.py -u example.com -o output_filename`` +* To check CORS misconfigurations of specific URL: +``python cors_scan.py -u http://example.com/restapi`` +* To check CORS misconfiguration with specific headers: +``python cors_scan.py -u example.com -d "Cookie: test"`` +* To check CORS misconfigurations of multiple domains/URLs: +``python cors_scan.py -i top_100_domains.txt -t 100`` +* To enable proxy for CORScanner, use -p +```python cors_scan.py -u example.com -p http://127.0.0.1:8080``` +To use socks5 proxy, install PySocks with `pip install PySocks` +```python cors_scan.py -u example.com -p socks5://127.0.0.1:8080``` +* To list all the basic options and switches use -h switch: +```python cors_scan.py -h``` +## Misconfiguration types +This tool covers the following misconfiguration types: + +%package help +Summary: Development documents and examples for cors +Provides: python3-cors-doc +%description help +-u | --url | URL/domain to check it's CORS policy +-d | --headers | Add headers to the request +-i | --input | URL/domain list file to check their CORS policy +-t | --threads | Number of threads to use for CORS scan +-o | --output | Save the results to json file +-v | --verbose | Enable the verbose mode and display results in realtime +-T | --timeout | Set requests timeout (default 10 sec) +-p | --proxy | Enable proxy (http or socks5) +-h | --help | show the help message and exit +### Examples +* To check CORS misconfigurations of specific domain: +``python cors_scan.py -u example.com`` +* To enable more debug info, use -v: +``python cors_scan.py -u example.com -v`` +* To save scan results to a JSON file, use -o: +``python cors_scan.py -u example.com -o output_filename`` +* To check CORS misconfigurations of specific URL: +``python cors_scan.py -u http://example.com/restapi`` +* To check CORS misconfiguration with specific headers: +``python cors_scan.py -u example.com -d "Cookie: test"`` +* To check CORS misconfigurations of multiple domains/URLs: +``python cors_scan.py -i top_100_domains.txt -t 100`` +* To enable proxy for CORScanner, use -p +```python cors_scan.py -u example.com -p http://127.0.0.1:8080``` +To use socks5 proxy, install PySocks with `pip install PySocks` +```python cors_scan.py -u example.com -p socks5://127.0.0.1:8080``` +* To list all the basic options and switches use -h switch: +```python cors_scan.py -h``` +## Misconfiguration types +This tool covers the following misconfiguration types: + +%prep +%autosetup -n cors-1.0.1 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-cors -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Wed May 10 2023 Python_Bot <Python_Bot@openeuler.org> - 1.0.1-1 +- Package Spec generated @@ -0,0 +1 @@ +7a9ceb145106acd73c0ce6ce97cc0ed8 cors-1.0.1.tar.gz |